Remote - GRC Analyst
About the position
Responsibilities
• Maintain familiarity with a broad regulatory landscape impacting business and IT areas.
• Remain current with emerging regulatory sentiments as well as solution trends in the marketplace.
• Understand the impact of laws and regulations on company systems and technology.
• Recommend and implement changes in security policies, standards and/or procedures as needed.
• Collaborate with the appropriate stakeholders to establish and maintain a system for assessing compliance with security and privacy policies.
• Map control requirements across information security frameworks to identify overlapping requirements and compliance efficiencies.
• Review third parties by way of security due diligence.
• Facilitate and support execution of external assessments relative to data security (SOC 1, SOC 2, PCI, etc.).
• Maintain information security risk management methodologies, definitions and processes, aligned with those of Enterprise Risk Management.
• Report on key risk indicators (KRIs) and key performance indicators (KPIs).
• Continuously evaluate network and system security, data vulnerabilities, business continuity and compliance risks.
Requirements
• Bachelor's degree in Cybersecurity, Computer Science, Information Systems or equivalent field required.
• 2-5 years' experience in Information Security GRC, Risk Management, Information Technology or equivalent.
• Experience with information security control standards and frameworks such as PCI DSS, ISO 27001 and/or NIST CSF and SP 800-53 preferred.
• Certified Information Systems Auditor (CISA) and/or Certified in Risk and Information Systems Control (CRISC) strongly preferred.
• Other certifications such as Certified Information Security Manager (CISM), Project Management Professional (PMP), or Certified Information Systems Security Professional (CISSP) desired.
• Knowledge of Financial Services industry regulations, risk management methodologies, operations or auditing is highly desired.
• Ability to present issues and recommendations in a manner that will be understood and accepted by all responsible parties.
• Strong Excel and SharePoint skills are highly desired.
• Familiarity with GRC and problem management tools highly desired (RSA Archer, Jira, Confluence, LogicGate, ServiceNow, etc.).
• Experience performing Third-Party Risk Reviews, Due Diligence, and Contract Advisory support for InfoSec activities is highly desired.
• Experience with calculating cyber risk using industry risk methodologies (e.g. FAIR) is desired.
Benefits
• Diversity and equal opportunity for all applicants and employees.
• Reasonable accommodations for candidates on request.
• Respect for applicants' privacy rights.